On 24 August 2010 21:00, Andre Oppermann <an...@freebsd.org> wrote:
>
> Try "netstat -n -p tcp -x" to see whether one socket is holding on to
> too much data.

ok.

> Testing with a different network card would help to narrow down the
> area to look for the bug as well.

I don't have this option, unfortunately. The box is about 8,000km from me.

> Can you describe your connection capturing setup some more? Do you
> use "ipfw fwd" or some form of NAT?

#!/bin/sh

fwcmd=/sbin/ipfw
myif=bce0
proxy_port=3138
localip=<localip>

${fwcmd} -f flush

# table 1 - redirect client list
${fwcmd} table 1 flush
# table 2 - bypass server list
${fwcmd} table 2 flush
# table 3 - bypass client list
${fwcmd} table 3 flush

# ok, add local networks
<local subnets go here>

# Allow direct connections
${fwcmd} add 10 allow tcp from any to ${localip} 80 in via ${myif}

# bypass list - server
${fwcmd} add 15 allow tcp from any to 'table(2)' 80 in via ${myif}
${fwcmd} add 16 allow tcp from 'table(2)' 80 to any in via ${myif}

# bypass list - client
${fwcmd} add 17 allow tcp from 'table(3)' to any 80 in via ${myif}
${fwcmd} add 18 allow tcp from any 80 to 'table(3)' in via ${myif}

# redirect non-me :80
${fwcmd} add 20 fwd 127.0.0.1,${proxy_port} tcp from 'table(1)' to any 80 in via ${myif}

# redirect client-destined packets on port 80 to me for local socket check
${fwcmd} add 30 fwd 127.0.0.1 tcp from any 80 to 'table(1)' in via ${myif}

# pass the rest
${fwcmd} add 65000 allow ip from any to any

sysctl net.inet.ip.fw.enable=1
sysctl net.inet.ip.forwarding=1

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"